Grant Horwood Affected

Notified:  October 15, 2001 Updated: October 15, 2001

Status

Affected

Vendor Statement

The cause of the arbitrary code execution bug in webodex is the library adodb written by John Lim. Webodex uses an older version of this library as the webodex is essentially "mothballed". A new version of adodb is available that plugs this bug and i will be updating webodex late this evening.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

John Lim Affected

Updated:  October 16, 2001

Status

Affected

Vendor Statement

From the Change log: "1.12 6 June 2001 Changed $ADODB_DIR to ADODB_DIR constant to plug a security loophole."

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

John Lim wrote ADODB which was vulnerable to this problem.

Marc Logemann Affected

Notified:  October 15, 2001 Updated: October 17, 2001

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Marc Logemann wrote More.groupware which is reported to be vulnerable.

Miro Construct Pty. Ltd. Affected

Notified:  October 15, 2001 Updated: October 16, 2001

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Miro Construct Pty Ltd produces Mambo Site Server. Versions earlier than 3.0.5 are vulnerable. This is fixed in 3.0.6.

Zorbat Affected

Notified:  October 15, 2001 Updated: October 22, 2001

Status

Affected

Vendor Statement

Corrected in release zorbstats 0.9

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.